Configuration Management SPIE-2003
-
7/28/2019 Configuration Management SPIE-2003
1/23
Configuration Management
Supplement 67
Robert Horn, Agfa Healthcare
-
Configuration Management
The Problem being solved
Use Cases
Sup. 67 DICOM Configuration Management
-
The Problem Being Solved
Installation of DICOM equipment
  Takes too long
  Requires too much effort
  Requires time consuming, multi-vendor coordination
  Involves too many mistakes
Upgrading and repairing DICOM equipment
  Requires too much service effort for configuration tasks that are unrelated to the problem being solved.
  Configuration complexity prevents customer self-help for simple problems
-
Use cases
Add a new machine
Locate Actor, IP, AE-title, Security information
Single node power up and establish configuration
Time Synchronization
-
Network Services
DHCP
  Assigns IP address, hostname
  Informs DNS of assignment
  Provides routing, NTP, DNS, etc. information to client
DNS
  Provides hostname to IP lookup services
  Provides server location lookup services
NTP
  Provides accurate time and time synchronization
  See www.ntp.org for descriptions, software, evaluation, and configuration guidance.
-
LDAP
Very widespread use
No surprises to the IT staff
Large base of trained users and administrators
Large base of software clients
Support by Microsoft, Unix, Open Source
Support for federated databases
Easy to extend by adding schema
-
Infrastructure requirements
DHCP, DNS, NTP, LDAP may be on one host, or may be on multiple hosts.
Normal network design issues, nothing special for the DHCP, DNS and NTP services.
LDAP is increasingly integrated into IT operations. This makes its use for configuration management more attractive, but means a greater planning involvement with the IT organization.
-
Beyond AE-Titles
Installation and Network Configuration oriented
Locate Application given the AE-title
TCP/IP parameters
AE Configuration
SOP Classes supported (SCU/SCP, Transfer Syntaxes)
Vendor extension
Obtain new unique AE-Title
Device Configuration
Description
Vendor extension
Hospital extension
-
Preconfigured Installation
[Diagram. Labels: Vendor A Preparation, Vendor B Preparation, Prepared Configurations, LDIF, Network Planning, IT Organization, LDAP, DHCP, devices A and B]
-
Add another machine
[Diagram. Services: DHCP, LDAP, DNS]
Get IP, hostname, etc.
Find LDAP Server
Query Configuration
Obtain Unique AE Titles
Update Configuration
Install Hardware
Assign Name
Configure System
-
Customer Assisted Maintenance
Simple device swap
Remote reconfiguration
Local reconfiguration
-
Present Supplement Status
Supplement 67
  Proposed for Frozen Draft
  Could be updated and final by September or October.
-
Configuration Management
Actors
[Diagram of actors and transactions]
Actors: DHCP Client, DHCP Server, DNS Client, DNS Server, NTP Client, SNTP Client, NTP Server, LDAP Client, LDAP Server
Transactions: Find and Use DHCP Server, Maintain Lease, DDNS Coordination, Resolve Hostname, Find NTP Server (DHCP), Find NTP Server (Broadcast), Maintain Time, Find LDAP Server, Query LDAP Server, Client Update LDAP Server
One or more Client actors will be in the same device
One or more Server actors may be in the same device
-
LDAP Schema
DICOM Configuration
  Unique AE Titles Registry
    Individual AE Title
    (This portion is used to provide unique AE titles automatically.)
  Devices: Vendor Information, Certificates, Device Configuration parameters, etc.
    Network AE: AE-Title, Description, AE Configuration parameters, etc.
      Transfer Capability: SCU/SCP, Hostname, Port, etc.
-
LDAP Schema
## The following attribute types are defined in this document:
#
# Name                                     Syntax   Multiplicity
# ---------------------------------------  -------  ------------
# dicomDeviceName                          string   Single
# dicomDescription                         string   Single
# dicomManufacturer                        string   Single
# dicomManufacturerModelName               string   Single
# dicomVersion                             string   Multiple
# dicomVendorData                          binary   Multiple
# dicomAETitle                             string   Single
# dicomNetworkConnectionReference          DN       Multiple
# dicomApplicationCluster                  string   Multiple
# dicomAssociationInitiator                bool     Single
# dicomAssociationAcceptor                 bool     Single
# dicomHostname                            string   Single
# dicomPort                                Integer  Single
# dicomSOPClass                            OID      Single
# dicomTransferRole                        string   Single
# dicomTransferSyntax                      OID      Multiple
# dicomPrimaryDeviceType                   string   Multiple
# dicomRelatedDeviceReference              DN       Multiple
# dicomPeerAETitle                         string   Multiple
# dicomTLSCipherSuite                      string   Multiple
# dicomAuthorizedNodeCertificateReference  DN       Multiple
# dicomThisNodeCertificateReference        DN       Multiple
# dicomInstalled                           bool     Single
#
-
Example of attribute definition
# 3.1 dicomDeviceName string Single
#
# This attribute stores the unique name (within the scope of the LDAP database)
# for a DICOM Device.
#
# It is a single-valued attribute.
# This attribute's syntax is 'Directory String'.
# Its case is not significant for equality and substring matches.
#
attributetype ( 1.2.840.10008.15.0.3.1
  NAME 'dicomDeviceName'
  DESC 'The unique name for the device'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
-
Objects Defined
# The following object classes are defined in this document. All are
# structural classes.
#
# Name                             Description
# -------------------------------  --------------------------
# dicomConfigurationRoot           root of the DICOM Configuration Hierarchy
# dicomDevicesRoot                 root of the DICOM Devices Hierarchy
# dicomUniqueAETitlesRegistryRoot  root of the Unique DICOM AE-Titles Registry Hierarchy
# dicomDevice                      Devices
# dicomNetworkAE                   Network AE
# dicomNetworkConnection           Network Connections
# dicomUniqueAETitle               Unique AE Title
# dicomTransferCapability          Transfer Capability
-
Example of Object Definition
#
# 4.4 dicomDevice
#
# This structural object class represents a DICOM Device.
#
objectclass ( 1.2.840.10008.15.0.4.4
  NAME 'dicomDevice'
  DESC 'DICOM Device related information'
  SUP top
  STRUCTURAL
  MUST (
    dicomDeviceName $
    dicomInstalled )
  MAY (
    dicomDescription $
    dicomManufacturer $
    dicomManufacturerModelName $
    dicomVersion $
    dicomVendorData $
    dicomPrimaryDeviceType $
    dicomRelatedDeviceReference $
    dicomAuthorizedNodeCertificateReference $
    dicomThisNodeCertificateReference ) )
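Added example (not part of the original slides or of the supplement): a pre-import check that a vendor-prepared LDIF device entry conforms to the dicomDevice object class shown above, using its MUST/MAY lists and the multiplicities from the attribute table. The sample entry and its DN are constructed, and the parser assumes simple LDIF without base64 values or folded lines.

```python
import re

# dicomDevice object class as given on the slide above.
DICOM_DEVICE = """objectclass ( 1.2.840.10008.15.0.4.4 NAME 'dicomDevice'
  DESC 'DICOM Device related information' SUP top STRUCTURAL
  MUST ( dicomDeviceName $ dicomInstalled )
  MAY ( dicomDescription $ dicomManufacturer $ dicomManufacturerModelName $
    dicomVersion $ dicomVendorData $ dicomPrimaryDeviceType $
    dicomRelatedDeviceReference $ dicomAuthorizedNodeCertificateReference $
    dicomThisNodeCertificateReference ) )"""
# dicomDevice attributes marked "Single" in the slide's attribute table.
SINGLE = {"dicomdevicename", "dicomdescription", "dicommanufacturer",
          "dicommanufacturermodelname", "dicominstalled"}

def parse_objectclass(text):
    """Return (name, MUST set, MAY set); attribute names are lower-cased."""
    name = re.search(r"NAME\s+'([^']+)'", text).group(1)
    def attrs(keyword):
        m = re.search(r"\b" + keyword + r"\s*\(([^)]*)\)", text)
        return {a.strip().lower() for a in m.group(1).split("$")} if m else set()
    return name, attrs("MUST"), attrs("MAY")

def parse_ldif_entry(ldif):
    """Map attribute -> list of values (assumes no base64, no folded lines)."""
    entry = {}
    for line in ldif.strip().splitlines():
        key, _, value = line.partition(":")
        entry.setdefault(key.strip().lower(), []).append(value.strip())
    return entry

def check_entry(ldif, schema=DICOM_DEVICE):
    """Return the schema violations found in a prepared device entry."""
    name, must, may = parse_objectclass(schema)
    entry = parse_ldif_entry(ldif)
    classes = [v.lower() for v in entry.get("objectclass", [])]
    problems = [] if name.lower() in classes else ["objectClass %s missing" % name]
    problems += ["missing required %s" % a for a in sorted(must - set(entry))]
    allowed = must | may | {"dn", "objectclass"}
    problems += ["not allowed: %s" % a for a in sorted(set(entry) - allowed)]
    problems += ["multiple values for %s" % a
                 for a in sorted(SINGLE) if len(entry.get(a, [])) > 1]
    return problems

# Constructed sample: dicomAETitle belongs on a Network AE entry, not the device.
BAD = """dn: dicomDeviceName=ct-room1,dc=example,dc=org
objectClass: dicomDevice
dicomDeviceName: ct-room1
dicomDeviceName: ct-room2
dicomAETitle: CT_ROOM1"""
```

Running check_entry over each entry of a prepared LDIF file before it is loaded catches entries the directory server would reject, or that carry attributes at the wrong level of the hierarchy.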
-
Use of LDAP Schema
Schema text from the supplement in the format used to configure generic LDAP servers
Cut and paste from supplement into server configuration file tested and verified
Local extension by modifying schema
-
Purpose of Frozen Draft
Find any remaining flaws in the Frozen Draft
  In-house experience at several companies revealed flaws in the public comment version.
  The flaws only became apparent during the development of trial versions.
Inter-company trials are expected to reveal other flaws in the Frozen Draft version
  The trials are not exploring implementation compatibility, only clarity of the standard
  The trials are not a compatibility connectathon
The Committee for Advancement of DICOM is organizing a small group of trial implementations.
-
Future additions
Security parameter distribution
  LDAP is one of the mechanisms for distributing PKI information for key management.